Logging (computer security)

From Wikipedia, the free encyclopedia

For logging in on Wikipedia, see Wikipedia:Logging in.

In computer security, logging (or signing) in and out is the process by which individual access to a computer system is controlled by identification of the user in order to obtain credentials to permit access. It is an integral part of computer security. A user can log in to a system to obtain access, and then log out when the access is no longer needed. Note that the term log in (a verb) is two words, while login (a noun referring to the procedure, credentials, or form used) is one word; the same applies to log out and logout.

[edit] Logging in

The website Wikipedia's login form. A user name and password are required.

To log in (also: to log on, sign in, or sign on) is to identify oneself to the system in order to obtain access. The concept derives from the action of clocking in on arrival at a factory, where a worker would stamp a timesheet or card upon their arrival. Its usage in computing derives from IBM parlance.

The primary use of a computer login procedure is to authenticate the identity of any computer user (or computer software on this or a different computer) attempting to access the computer's services. The login procedure can also provide an audit trail of the use of the system.

To log in to a system usually requires:

a user name, a unique sequence of characters the user chooses to represent himself or herself with. A user name can be the user's real name, but is more often a short nickname or screen name. The term User ID is also used on some systems^{[citation needed]}. Many websites now use emails in place of the username, which are not publicly available, making password guessing much more difficult (the hackers need to guess the email as well)^{[citation needed]}
a password, another sequence of characters which provides the user with a key to the system and is kept secret from others.

[edit] Logging out

To log out (also: to log off, sign out, or sign off) is to close off one's access to a computer system after previously having logged in.

Logging out may be done explicitly by the user performing some action, such as entering the appropriate command, or clicking a website link labeled as such. It can also be done implicitly, such as by powering the machine off, closing a web browser window, leaving a website, or not refreshing a webpage within a defined period.

In the case of web sites that use cookies to track sessions, when the user logs out, session-only cookies from that site will usually be deleted from the user's computer. In addition, the server invalidates any associations with the session, making any session-handle in the user's cookie store useless. This features comes in handy if the user is using a public computer.

Logging out of a computer when leaving it is a common security practice, preventing unauthorized users from tampering with it. There are also people who choose to have a password-protected screensaver to activate after some time of inactivity, requiring the user to log in again to regain access.